<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Login</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
<div class="container mt-5">
    <div class="row justify-content-center">
        <div class="col-md-6">
            <div class="card">
                <div class="card-header bg-primary text-white">
                    <h3 class="mb-0">Login</h3>
                </div>
                <div class="card-body">
                    <form id="loginForm">
                        <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}"/>
                        <div class="mb-3">
                            <label for="username" class="form-label">Username</label>
                            <input type="text" id="username" name="username" class="form-control" required>
                        </div>
                        <div class="mb-3">
                            <label for="password" class="form-label">Password</label>
                            <input type="password" id="password" name="password" class="form-control" required>
                        </div>
                        <div class="mb-3">
                            <button type="button" class="btn btn-primary" onclick="login()">Login</button>
                        </div>
                    </form>
                    <div class="mt-3">
                        <a href="/api/register">Register new account</a>
                    </div>
                    <div class="mt-3 text-danger" id="errorMessage" style="display:none;"></div>
                    <div class="mt-3 text-success" id="logoutMessage" style="display:none;">
                        You have been logged out.
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<script>
    function login() {
        const csrfToken = document.querySelector('input[name="_csrf"]').value;
        const username = document.getElementById('username').value;
        const password = document.getElementById('password').value;
        
        fetch('/api/login', {
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
                'X-CSRF-TOKEN': csrfToken
            },
            body: JSON.stringify({username, password})
        })
        .then(response => {
            if (response.status === 401) {
                return response.json().then(data => {
                    document.getElementById('errorMessage').textContent = 
                        data.message || 'Invalid credentials';
                    document.getElementById('errorMessage').style.display = 'block';
                });
            }
            if (response.ok) {
                window.location.href = '/projects';
            } else if(response.status === 403) {
                document.getElementById('errorMessage').textContent = 'Access denied. Please check your credentials.';
                document.getElementById('errorMessage').style.display = 'block';
            } else {
                document.getElementById('errorMessage').textContent = 'Invalid username or password.';
                document.getElementById('errorMessage').style.display = 'block';
            }
        })
        .catch(error => {
            console.error('Error:', error);
            document.getElementById('errorMessage').textContent = 'Network error occurred.';
            document.getElementById('errorMessage').style.display = 'block';
        });
    }

    if (window.location.search.includes('logout=true')) {
        document.getElementById('logoutMessage').style.display = 'block';
    }
</script>
</body>
</html>